The present invention relates in general to data processing systems, and in particular, to a method, system and computer program product for the exchange of encrypted data between computer systems using remote direct memory access.
Encryption is used to protect data at rest in memory as well as information in data files and other sources. It can strengthen protection in environments where physically securing the data is difficult because of the many points of access to the networks involved. Encryption is also used to protect data in transit, such as data being transferred over networks; this transient data may pass through the Internet and through a cloud computing environment across a variety of computer systems, both wireline and wireless. As the technical skill of attackers and the tools available to them advance, so does the need for more advanced countermeasures to protect data.
Data transmitted over networks and data stored on persistent storage such as disks or solid state devices (SSDs) increasingly needs to be encrypted for a variety of business reasons. This encryption should preferably be transparent to existing applications and should impose low overhead and little additional hardware cost.
Exchanging data over a network directly with the memory of a different computer system is known in the prior art. For example, remote direct memory access (RDMA) lets a computer system access data stored in the main memory of another computer system. The operating systems of the two computer systems, for example, negotiate network encryption keys and encrypt data before sending it onto the network and decrypt it after receiving it. If such a system also uses secure (encrypted) memory, the network data is therefore encrypted and decrypted twice: once under the memory encryption and once more under the network encryption.
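As an added illustration that is not part of the patent text, the following Python model walks one RDMA transfer through the prior-art path just described and counts the symmetric operations it costs. It assumes that each host encrypts its main memory under a host-local key that is never shared with the peer, and that the operating systems wrap the payload under a separately negotiated network key. The cipher used here (a SHA-256 counter-mode keystream with an HMAC tag) is a toy chosen only so the example runs without third-party packages; it is not the patent's cipher and must not be used for real data. The names `Host`, `rdma_transfer_prior_art`, `count_transfer_ops` and `raw_page_copy_fails` are invented for this example.

```python
"""Added example: model of the prior-art "encrypt twice" RDMA data path.
Toy cipher for illustration only; host-local memory keys are an assumption."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream derived with SHA-256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || HMAC-SHA256 tag. Toy scheme, not for real use."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; raises ValueError on a key mismatch."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered data")
    stream = _keystream(key, nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


@dataclass
class Host:
    """A computer system whose main memory is encrypted under a host-local key
    (assumption: the memory key is not shared with other hosts)."""
    name: str
    memory_key: bytes = field(default_factory=lambda: os.urandom(32))
    memory: dict = field(default_factory=dict)  # address -> encrypted page
    crypto_ops: int = 0                          # symmetric operations performed

    def store(self, addr: int, data: bytes) -> None:
        self.memory[addr] = toy_encrypt(self.memory_key, data)
        self.crypto_ops += 1

    def load(self, addr: int) -> bytes:
        self.crypto_ops += 1
        return toy_decrypt(self.memory_key, self.memory[addr])


def rdma_transfer_prior_art(src: Host, src_addr: int, dst: Host, dst_addr: int,
                            network_key: bytes) -> bytes:
    """Prior-art path: the operating systems re-encrypt the page under a
    negotiated network key. Returns the bytes that appear on the wire."""
    plaintext = src.load(src_addr)                 # 1: decrypt with src memory key
    on_wire = toy_encrypt(network_key, plaintext)  # 2: encrypt with network key
    src.crypto_ops += 1
    received = toy_decrypt(network_key, on_wire)   # 3: decrypt with network key
    dst.crypto_ops += 1
    dst.store(dst_addr, received)                  # 4: encrypt with dst memory key
    return on_wire


def count_transfer_ops(payload: bytes) -> int:
    """Symmetric operations one prior-art transfer costs beyond the initial store."""
    a, b = Host("A"), Host("B")
    a.store(0x1000, payload)
    baseline = a.crypto_ops + b.crypto_ops
    rdma_transfer_prior_art(a, 0x1000, b, 0x2000, os.urandom(32))
    ops = a.crypto_ops + b.crypto_ops - baseline
    if b.load(0x2000) != payload:
        raise RuntimeError("payload did not survive the transfer")
    return ops


def raw_page_copy_fails(payload: bytes) -> bool:
    """Copying A's memory-encrypted page straight into B's memory, skipping the
    network-encryption step, leaves B unable to decrypt it because memory keys
    are host-local. This is why the prior art needs the second layer."""
    a, b = Host("A"), Host("B")
    a.store(0x1000, payload)
    b.memory[0x2000] = a.memory[0x1000]  # raw copy, no re-encryption
    try:
        b.load(0x2000)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    page = b"page contents constructed for the example"  # constructed sample
    print("crypto operations per transfer:", count_transfer_ops(page))
    print("raw copy across hosts fails:", raw_page_copy_fails(page))
```

The count of four operations per page (memory decrypt, network encrypt, network decrypt, memory encrypt) is the overhead the surrounding text refers to when it says the data is encrypted and decrypted twice; `raw_page_copy_fails` shows that simply moving the memory ciphertext between hosts is not an alternative as long as the memory keys stay local to each host.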